KB Article #175941

Heartbleed OpenSSL Vulnerability (CVE-2014-0160) not affecting any Accounting Integrator versions

Problem

--Heartbleed OpenSSL Vulnerability (CVE-2014-0160)

Package: OpenSSL

CVE ID: CVE-2014-0160


A vulnerability has been discovered in the TLS/DTLS Heartbeat extension for OpenSSL. An attacker can recover some memory from either the client or the server, which may allow them to compromise encrypted private data held in memory, including the private key.


Which versions of OpenSSL are affected?

Status of different versions:


OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable

OpenSSL 1.0.1g is NOT vulnerable

OpenSSL 1.0.0 branch is NOT vulnerable

OpenSSL 0.9.8 branch is NOT vulnerable

The bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g, released on 7th of April 2014, fixes the bug.
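
For checking other components on a host against the version list above, the following added example (not part of the vendor's article) classifies `openssl version` banners. The function names, the "host|banner" inventory format and the sample hosts are assumptions made for illustration; later 1.0.1 letter releases are treated as fixed because 1.0.1g is the fixing release.

```shell
#!/bin/sh
# Classify an `openssl version` banner against the version list above.
# Based on the upstream version string only: distribution packages that
# backport the fix may keep an older string, so confirm "vulnerable" hits
# against the package vendor's advisory.

# classify_openssl BANNER -> vulnerable | not-vulnerable | not-listed | unparsed
classify_openssl() {
    # Field 2 of the banner is the version token, e.g. "1.0.1e-fips".
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }')
    [ -n "$ver" ] || { echo unparsed; return 0; }
    case "$ver" in
        *-beta*|*-pre*|*-dev*) echo not-listed; return 0 ;;  # pre-releases
    esac
    base=${ver%%-*}                      # drop build suffixes such as "-fips"
    case "$base" in
        1.0.1|1.0.1[abcdef]) echo vulnerable ;;      # 1.0.1 through 1.0.1f
        1.0.1[a-z]*)         echo not-vulnerable ;;  # 1.0.1g and later
        1.0.0|1.0.0[a-z]*)   echo not-vulnerable ;;  # 1.0.0 branch
        0.9.8|0.9.8[a-z]*)   echo not-vulnerable ;;  # 0.9.8 branch
        *)                   echo not-listed ;;      # not covered by this list
    esac
}

# report_inventory: reads "host|banner" lines on stdin, prints "host status".
report_inventory() {
    while IFS='|' read -r host banner; do
        [ -n "$host" ] || continue
        printf '%s %s\n' "$host" "$(classify_openssl "$banner")"
    done
}

# Constructed sample inventory (hypothetical hosts, made-up collection format).
sample_inventory() {
    cat <<'EOF'
app01|OpenSSL 1.0.1e-fips 11 Feb 2013
app02|OpenSSL 1.0.1g 7 Apr 2014
db01|OpenSSL 0.9.8y 5 Feb 2013
web01|OpenSSL 1.0.0l 6 Jan 2014
build01|OpenSSL 1.0.2a 19 Mar 2015
EOF
}

sample_inventory | report_inventory
```

A "not-listed" result means the version falls outside the branches this article names, not that it is safe.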

 

More information on this vulnerability can be found here:


http://heartbleed.com/

https://www.openssl.org/news/secadv_20140407.txt

Resolution

--Accounting Integrator (Rule Engine) is not affected at all. No version of Accounting Integrator (Rule Engine) products uses OpenSSL.